Short-range wireless systems have a range of less than one hundred meters, but may connect to the Internet to provide communication over longer distances. Short-range wireless systems include, but are not limited to, a wireless personal area network (PAN) and a wireless local area network (LAN). A wireless PAN uses low-cost, low-power wireless devices that have a typical range of ten meters. An example of a wireless PAN technology is the Bluetooth Standard. The Bluetooth Standard operates in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band and provides a peak air-link speed of one Mbps and a power consumption low enough for use in personal, portable electronics such as a personal digital assistance or mobile phone. A introduction to Bluetooth applications is in Bluetooth Application Developer's Guide: The Short Range Interconnect Solution. Chapter 1, Syngress Publishing, Inc., 2002. Another example of a wireless PAN technology is a standard for transmitting data via infrared light waves developed by the Infrared Data Association (IrDA), a group of device manufacturers. IrDA ports enable computers, such as a laptop, or devices, such as a printer, to transfer data from one device to another without any cables. IrDA ports support roughly the same transmission rates as traditional parallel ports and the only restrictions on their use is that the two devices must be proximately located (i.e., within a few feet of each other) and have a clear line of sight. A wireless LAN is more costly than a wireless PAN, but has a longer range. An example of a wireless LAN technology is the IEEE 802.11 Wireless LAN Standard and the HIPERLAN Standard. The HIPERLAN Standard operates in the 5 GHz Unlicensed-National Information Infrastructure (U-NII) band and provides a peak air-link speed between ten and one hundred Mbps.
An ad-hoc network is a short-range wireless system comprising an arbitrary collection of wireless devices that are physically close enough to exchange information. Construction of an ad-hoc network is quick with wireless devices joining and leaving the network as they enter and leave the proximity of the remaining wireless devices. An ad-hoc network also may include one or more access points, that is, stationary; wireless devices operating as a stand-alone server or as gateway connections to other networks.
In the future, the Bluetooth Standard will likely support the interconnection of multiple piconets to form a multi-hop ad-hoc network, or scatternet. In a scatternet, a connecting device forwards traffic between different piconets. The connecting device may serve as a master device in one piconet, but as a slave device or a master device in another piconet. Thus, the connecting devices join the piconets that comprise a scatternet by adapting the timing and hop sequence to the respective piconet and possibly changing the roles that they serve from a master device to a slave device.
A Bluetooth device includes, but is not limited to, a mobile telephone, personal or laptop computer, radio-frequency identification tag, and personal electronic device such as a personal digital assistant (PDA), pager, or portable-computing device. Each Bluetooth device includes application and operating system programs designed to find other Bluetooth devices as they enter and leave the communication range of the network. The requesting Bluetooth device in a client role and the responding Bluetooth device in a server role establish a proximity link between the two devices. The requesting and responding Bluetooth device use the proximity link and a service discovery protocol to discover the services offered by the other Bluetooth device and how to connect to those services.
A public key infrastructure (PKI) is a system of digital certificates, certificate authorities (CAs), and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. A digital certificate is an attachment to an electronic message typically to verify that a user sending a message is who they claim to be, and to provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for a digital certificate from a CA. The CA issues a signed digital certificate containing the applicant's public key and a variety of other identification data. The CA makes its own public key readily available through print publicity or perhaps on the Internet. The recipient of an encrypted message uses the CA's public key to verify the digital certificate attached to the message, verify that it was issued by the CA, and obtain the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply. The most widely used standard for digital certificates is X.509.
Cryptography is the art of protecting information by transforming (i.e., encrypting) the information into an unreadable format, called cipher text. Only someone who possesses a secret key can decipher (i.e., decrypt) the cipher text into plain text. Symmetric-key systems and public-key systems are broad classifications of cryptography systems. A symmetric-key system (e.g., the Data Encryption Standard (DES)) is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. A public-key system (e.g., Pretty Good Privacy (PGP)) uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt the message. Symmetric-key systems are simpler and faster than public-key systems, but their main drawback is that the two parties must somehow exchange the key in a secure way. To avoid this drawback, public-key systems distribute the public key in a non-secure way and never transmit the private key.
The problem of secure communication and authentication in ad-hoc wireless networks has been addressed in a paper titled Talking to Strangers: Authentication in Ad-Hoc Wireless Networks by Balfanz et al. The authors present a solution that provides secure authentication using almost any established public-key-based key exchange protocol, as well as inexpensive hash-based alternatives. The solution allows devices to exchange a limited amount of public information over a privileged side channel, and then allows the devices to complete an authenticated key exchange protocol over the wireless link. The solution does not require a PKI, is secure against passive attacks on the privileged side channel and all attacks on the wireless link, and directly captures the user's intention to communicate with a particular previously unknown device that is within their physical proximity.
For wireless devices that communicate in a peer-to-peer ad-hoc network, prior art middleware facilitates inter-application communication by hiding peer-discovery, network formation, application and service discovery, as well as automatic application launching, behind an easy-to-use coherent application programming interface (API). However, since no trusted, accessible, third party based solution is available, establishing secure communication and authentication is difficult for the prior art middleware.
Thus, there is a need for a system and method for providing secure communication between selected applications in wireless ad-hoc network devices that rely upon middleware to facilitate inter-application communication. The system and method will provide the means to implement a security API for application-level access to other security services based on the generated peer-to-peer security associations. The system and method do not require a highly available server or PKI and improve establishment of security by relying on a user to enter a password. The present invention addresses this need.